« Protection of Freedoms Bill promotes efficient CCTV surveillance not effective privacy | Main | ICO evidence identifies data protection concerns over Freedoms Bill »

21/02/2011

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

It seems to me the problem we have in the UK isn't so much the failure of the data protection legislation, as a failure of the regulator to employ any of the enforcement powers they already have... particulary against large organisations like BT and Google.

The recent ACS:Law case is a striking example of how weak the enforcement of UK Data Protection is.

Data alleging that hundreds of BT/Plusnet subscribers had illegally shared pornographic videos was leaked to the world at large, after BT ignored a court order instructing them to encrypt the information and convey it on physical media to ACS:Law. It is hard to imagine a more shocking example of a failure to protect acutely sensitive personal information from inappropriate disclosure.

Yet - despite having the expertise, the technology,and the resources required to comply with the court order - BT face no sanction from the ICO of any kind. None at all.

The ICO refused to investigate, because they consider BT's failure to be an internal disciplinary matter.

BT have form. The ICO also refused to investigate or take enforcement action against BT after 200,000 UK internet subscribers were subjected to covert profiling using technology supplied by Phorm.

As a result the UK Government are also subject to a separate infraction process relating to the privacy/security/integrity of telecommunications data...

http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=HTML&aged=0&language=EN&guiLanguage=en

Changing the wording or technical details of UK legislation isn't going to solve the problem with data protection in the UK until the ICO are reformed, preferably with new personnel.

It seems to me the problem we have in the UK isnt so much the failure of the data protection legislation, as a failure of the regulator to employ any of the enforcement powers they already have... particulary against large organisations like BT and Google.

The recent ACS:Law case is a striking example of how weak the enforcement of UK Data Protection is.

Data alleging that hundreds of BT/Plusnet subscribers had illegally shared pornographic videos was leaked to the world at large, after BT ignored a court order instructing them to encrypt the information and convey it on physical media to ACS:Law. It is hard to imagine a more shocking example of a failure to protect acutely sensitive personal information from inappropriate disclosure.

Yet - despite having the expertise, the technology,and the resources required to comply with the court order - BT face no sanction from the ICO of any kind. None at all.

The ICO refused to investigate, because they consider BTs failure to be an internal disciplinary matter.

BT have form. The ICO also refused to investigate or take enforcement action against BT after 200,000 UK internet subscribers were subjected to covert profiling using technology supplied by Phorm.

As a result the UK Government are also subject to a separate infraction process relating to the privacy/security/integrity of telecommunications data...

http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215format=HTMLaged=0language=ENguiLanguage=en

Changing the wording or technical details of UK legislation isnt going to solve the problem with data protection in the UK until the ICO are reformed, preferably with new personnel.
+1

The comments to this entry are closed.

All materials on this website are the copyright of Amberhawk Training Limited, except where otherwise stated. If you want to use the information on the blog, all we ask is that you do so in an attributable manner.